When 2 Billion+ NPM Downloads Get Hijacked: Anatomy of a Major Supply-Chain Attack


On September 8, 2025, a remarkably large-scale npm supply-chain attack was uncovered—one of the most severe in JavaScript’s history. A trusted maintainer’s npm account was compromised via phishing, enabling attackers to inject cryptostealer malware into 18 popular packages (e.g., chalk, debug, ansi-styles), collectively accounting for around 2.6 billion weekly downloads.

The Attack: What Happened

1. Phishing Setup

A fraudulent email, sent from support@npmjs.help, a look-alike domain of the legitimate npm support, urged the maintainer known as Qix (Josh Junon) to update their 2FA, claiming their account would be locked on September 10. Despite caution, Junon clicked the link during a busy day and entered credentials on the fake site.

Sources: NPM supply chain attack (Fluid Attacks); Phishing attack nets enormous npm supply chain compromise.

2. Compromise of Maintainer Account

The attackers then used the compromised credentials to push malicious versions of 18 packages, including chalk (~300M weekly downloads), debug (~358M), ansi-styles (~371M), supports-color, strip-ansi, and more.

Sources: Largest NPM Hack in History - Supply Chain Attack, Targets Crypto Wallets; Security Alert | chalk, debug and color on npm compromised in new supply chain attack; Largest NPM Compromise in History - Supply Chain Attack (u/Advocatemack, r/programming).

3. Rapid Detection & Containment

Aikido Security detected the compromise within five minutes, and it was publicly disclosed within about an hour, limiting further spread.


Malware Mechanics & Impact

The injected malware was tailored to target Web3 browser wallets. It intercepts wallet-related API calls, like window.ethereum, fetch, or XMLHttpRequest, and silently swaps destination addresses, redirecting crypto funds to attacker-controlled accounts. Ledger’s CTO Charles Guillemet warned that this could put billions of dollars in crypto assets at risk, although early estimates suggest only under $50 in actual crypto was stolen before mitigation began.
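The paragraph above names the surfaces the malware hooked; the following is an added defender-side probe, not code from the original post or from any of the linked sources. It does not reproduce the malware. The technique is to snapshot the function references for fetch, XMLHttpRequest and the wallet provider's request() (window.ethereum is the EIP-1193 provider a wallet extension injects; its presence is an assumption) before any third-party bundle executes, diff the snapshot later, and, as a second signal, confirm that fetch and XHR are still the browser's native implementations. The fake window at the bottom is constructed so the example also runs under Node.

```javascript
// Added example: integrity probe for the API surfaces hooked by the malware
// described in the post. Names assumed: window.fetch, window.XMLHttpRequest,
// window.ethereum.request (EIP-1193 provider, present only with a wallet).

const WATCHED = [
  ["fetch", (w) => w.fetch],
  ["XMLHttpRequest.prototype.open", (w) => w.XMLHttpRequest && w.XMLHttpRequest.prototype.open],
  ["XMLHttpRequest.prototype.send", (w) => w.XMLHttpRequest && w.XMLHttpRequest.prototype.send],
  ["ethereum.request", (w) => w.ethereum && w.ethereum.request],
];

const NATIVE_RE = /\{\s*\[native code\]\s*\}\s*$/;

// True when fn is a built-in: Function.prototype.toString on a native function
// yields "function name() { [native code] }" in every major engine.
function isNative(fn) {
  if (typeof fn !== "function") return false;
  try {
    return NATIVE_RE.test(Function.prototype.toString.call(fn));
  } catch (e) {
    return false;
  }
}

// Record the current reference of every watched surface. Call this as early
// as possible (an inline script in <head>, before application bundles load).
function snapshot(win) {
  const snap = new Map();
  for (const [label, get] of WATCHED) snap.set(label, get(win));
  return snap;
}

// Labels whose reference no longer matches the snapshot, i.e. something
// reassigned them after the snapshot was taken.
function diffSnapshot(win, snap) {
  return WATCHED.filter(([label, get]) => get(win) !== snap.get(label)).map(([label]) => label);
}

// fetch and XHR are native in browsers, so a non-native implementation means a
// wrapper was installed. Wallet providers are ordinary JS, so this signal is
// not applied to ethereum.request; the snapshot diff covers it.
function nonNativeBuiltins(win) {
  return WATCHED.filter(
    ([label, get]) => !label.startsWith("ethereum") && typeof get(win) === "function" && !isNative(get(win)),
  ).map(([label]) => label);
}

// Constructed stand-in for a browser window so the example runs under Node too.
function makeFakeWindow() {
  class XMLHttpRequest { open() {} send() {} }
  return { fetch: function fetch() {}, XMLHttpRequest, ethereum: { request: async () => null } };
}

// Demonstrates the diff: after the snapshot, a later script reassigns the
// provider's request() (a plain pass-through stands in for any reassignment).
function demo() {
  const win = makeFakeWindow();
  const snap = snapshot(win);
  const original = win.ethereum.request;
  win.ethereum.request = (args) => original(args);
  return diffSnapshot(win, snap); // ["ethereum.request"]
}

if (typeof require !== "undefined" && require.main === module) console.log(demo());
```

In a real page, take the snapshot from an inline script before any bundle runs, then call diffSnapshot and nonNativeBuiltins right before a transaction is signed or on a timer; a non-empty result is a reason to refuse the transaction and report, not a proof of this specific malware. Under Node the fake window's fetch and XHR are plain JS, so nonNativeBuiltins reports all three; in a browser an untouched window reports none.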

Sources: Hackers Exploit JavaScript Accounts in Massive Crypto Attack Reportedly Affecting 1B+ Downloads; https://securityboulevard.com/2025/09/npm-supply-chain-attack-sophisticated-multi-chain-cryptocurrency-drainer-infiltrates-popular-packages/

SOCRadar’s CISO called this event a “watershed moment” for software supply-chain security, highlighting how attackers exploited the foundational trust in open-source ecosystems—without having to breach infrastructure, they simply hijacked a trusted account.

Source: Massive npm hack poisons 18 packages with billions of downloads (SiliconANGLE)

Broader Implications

  • Single Point of Failure in Open Source
    This incident underscores how compromising just one maintainer can cascade through vast swathes of the ecosystem—a longstanding risk in npm, which heavily relies on a few high-impact maintainers.
    Sources: Small World with High Risks: A Study of Security Threats in the npm Ecosystem; Supply chain attack (Wikipedia)
  • Growing Threat Surface with Web3 Integration
    The attack’s focus on crypto wallet hijacking is emblematic of evolving targets—now that Web3 wallets run within browser contexts, supply-chain compromises have stealthy, high-stakes consequences.
    Sources: https://securityboulevard.com/2025/09/npm-supply-chain-attack-sophisticated-multi-chain-cryptocurrency-drainer-infiltrates-popular-packages/; Hackers Exploit JavaScript Accounts in Massive Crypto Attack Reportedly Affecting 1B+ Downloads
  • Need for Strategic Improvements
    The speed of detection and response was outstanding—but it points to the need for better proactive defenses: least-privilege execution, permissioned package behavior, and enhanced vetting mechanisms.
    Source: Containing Malicious Package Updates in npm with a Lightweight Permission System

Mitigation & Best Practices

Here’s a structured defensive playbook for publishers and developers:

Maintainers

  • Use hardware-based 2FA (not just email or SMS)
  • Verify sender domains carefully; don’t follow 2FA prompts via email
  • Limit scope of maintainership, apply principle of least privilege

Developers / Consumers

  • Pin dependency versions in package.json & package-lock.json
  • Use npm audit and static scanning tools
  • Conduct manual reviews of updates for critical packages
  • Implement runtime sandboxing or permission-based models (e.g. restrictions on network or wallet APIs)
    Source: Containing Malicious Package Updates in npm with a Lightweight Permission System

Registry / Ecosystem

  • Introduce warning systems for anomalous update activity
  • Enforce code signing for high-impact packages
  • Offer optional “trusted maintainer” vetting
  • Educate maintainers on phishing and impersonation tactics

Final Thoughts

While disconcerting, this incident also showcased the strength of the open-source community: rapid detection, transparent communication, and swift package rollback prevented far greater harm.

But it’s a clear wake-up call: trust alone isn’t enough. Supply-chain security must be reinforced through layered defenses—technical, procedural, and educational. If you’re building GenAI or cloud-based ecosystems (as I know you are!), investing in dependency hygiene and hardened deployment pipelines now will pay long-term dividends.